<?php
header('Content-type:text/html;charset=utf-8');
include "conn.php";
//获取表单中的用户名和口令
$user_name = $_POST["user_name"];
$user_pass = $_POST["user_pass"];
//连接数据库
//$conn=mysqli_connect("localhost", "root","","student","3308") or die("数据库连接失败");
$sql = "select * from user where user_name='$user_name' ";
$result = mysqli_query($conn, $sql) or die("查询失败，请检查SQL语法");

if (mysqli_num_rows($result) > 0) {
  $row = mysqli_fetch_assoc($result);

  if (password_verify($user_pass, $row['user_pass'])) {
    session_start();
    $_SESSION["user"] = $user_name;
    header("location:main.php");
  } else {
    echo "<script language='javascript' type='text/javascript'>";
    echo "alert('密码不正确');";
    echo "location.href='login.php';";
    echo "</script>";
  }
} else {
  echo "<script language='javascript' type='text/javascript'>";
  echo "alert('用户名不正确');";
  echo "location.href='login.php';";
  echo "</script>";
}
